The product

One loop, from assessment to proof.

Provra takes a client engagement end to end. The same six steps every time, each one feeding the next, all inside a workspace that stays yours alone.

01 Assess

Run the assessment, not the spreadsheet

Work through a client engagement against your chosen framework. Answers are captured once and feed every deliverable downstream, so nothing has to be re-entered.

provra.io/app/assess

NIST CSF 2.0 18 / 42 answered

PR.AC-1

Are identities and credentials managed for authorized devices and users?

YesPartialNo

PR.AC-4

Are access permissions managed with least privilege?

YesPartialNo

DE.CM-1

Is the network monitored to detect potential events?

YesPartialNo

02 Score

A posture score you can defend

Provra turns the assessment into a clear posture score and a category-level gap analysis. The math is consistent across clients and easy to explain in a room.

provra.io/app/score

72/100

Identify80%

Protect64%

Detect57%

Respond73%

Recover61%

03 Roadmap

Gaps become a prioritized plan

Every gap is ranked into a remediation roadmap by impact and effort, so the client sees what to fix first and why, not just a flat list of findings.

provra.io/app/roadmap

RemediationPriorityEffort

Enable MFA on all admin accountsHighLow

Formalize quarterly access reviewsMediumMedium

Document the incident response planMediumHigh

Encrypt backups at restLowLow

04 Policies

Policies mapped to the controls that need them

Generate the policies the assessment calls for, mapped to their controls. Start from a sound baseline instead of copying last engagement and editing by hand.

provra.io/app/policies

Access Control Policy

mapped to PR.AC

Generated

Incident Response Plan

mapped to RS.RP

Generated

Data Retention Policy

mapped to PR.DS

Draft

05 Evidence

Evidence requested and tracked in one place

Request the evidence each control requires and track what is outstanding. No more chasing attachments over email with no record of the state.

provra.io/app/evidence

Evidence requestStatus

AMAsset inventory export

Received

JDMFA configuration screenshot

Pending

RTAccess review log (Q2)

Overdue

06 Report

A client-ready report and portal

Everything comes together as a polished report and a client portal. This is the visible value your client sees, produced in an afternoon instead of a weekend.

provra.io/app/report

Security Assessment

Northwind Traders

Prepared June 2026 · NIST CSF 2.0

Posture 72/100

01Executive summary

02Posture and gap analysis

03Remediation roadmap

04Mapped policies

05Evidence appendix

Generated with Provra

Your workspace, yours alone

Every engagement stays inside an isolated workspace.

Client data never mingles across practices. Your assessments, evidence, and reports live in a workspace scoped to you on every request. See how on the security page.

See the loop on a real client.

Start a free trial, or book a walkthrough and we will show you the whole loop end to end.

Start free trial Book a demo